According to CertiK's Hack3d report, crypto protocols lost over US$1.31 billion across 344 incidents in the first half of 2026, with code vulnerabilities as the leading attack vector at 204 incidents. Excluding the Bybit hack, losses rose about 28% year-on-year. Wallet compromise was the costliest vector at US$444.5 million across 33 incidents, while phishing accounted for US$366.3 million across 63 incidents.
Security engineer Taylor Hornby discovered a four-year-old soundness bug in Zcash's Orchard pool in late May using an AI-powered auditing agent, leading to an emergency patch on June 1 and hard fork on June 3. Anthropic research found AI agents identified the equivalent of US$4.6 million in simulated exploits across 405 previously compromised contracts. TRM Labs Global Head of Policy Ari Redbord argued the findings support continuous security review over one-time audits.